Feature Requests
Share ideas, discuss and vote on requests from other users in community
 

Don't store passwords in plain text

Cristi shared this idea 8 months ago
Under Consideration

At this point the table "tblemails" contains customer passwords in plain text, which I think is a big security risk.

Please create an option that will allow us to stop storing plain text passwords in logs.

Comments (3)

1

Hi there,

Thanks for taking the time to submit this suggestion. We currently do not log password reset and validation emails for this reason.

Is your proposal to also omit product welcome emails as well?

Allowing clients to view their welcome email is a major use-case for the email log feature, so disabling this could reduce its usefulness.

1

I think it makes more sense to just remove the product password from the email template and show it in the Client Area instead. After all, email contents are not guaranteed to be secure, yet your Client Area certainly should be secure.

1

John, everything this product does should be encrypted from the top down. There should be nothing sent to the customer or stored in any database tables that contains login, password, or username data in plain view. Everything should be encrypted from the start and users should be required to log into the client area to review any of this data.